The history of ransomware, although not long, is certainly notable. And understanding a little of the history of this plague can provide insights that might help you better protect your organization. Knowing how ransomware has evolved over the years is valuable information, as it takes you inside the mind of a ransomware actor.
Ransomware.org is one of the best sites out there for learning the history of ransomware. The place to go first is our landing page for this, helpfully called “The History of Ransomware.” Ransomware started in 1989 with the so-called “AIDS Trojan,” which was passed on to 20,000 attendees at the World Health Organization’s AIDS conference.
That ransomware was in its infancy as shown by the fact that the malware was distributed via 5¼” floppies, and demanded a ransom of … $189.
We published an article on that attack and the aftermath here. Interestingly, the AIDS Trojan didn’t lead to an immediate tidal wave of similar attacks. They started to pick up more about a decade later.
The history of ransomware timeline continues through various other Trojans, Locker ransomware, crypto ransomware, and more, all the way up to the most famous ransomware attack of all time: the Colonial Pipeline attack in May 2021 that impacted much of the east coast of the United States.
The reverberations of that attack are still being felt. We ran an article on the lessons learned and fallout a year after the attack. Some of those lessons include:
Another article detailed an attack not as famous as the Colonial Pipeline incident, but just as impactful (in a less sensational way): the Archiveus Trojan. In fact, the Archiveus Trojan, which appeared in 2006, provided a blueprint in many ways for modern ransomware.
As the article states, “When a system became infected with Archiveus, all of the user’s files in the My Documents folder were copied into a single file and encrypted using RSA.” Sound familiar?
In terms of a turning point when ransomware really took off, many experts point to the discovery of CryptoLocker in September 2013. The Cybersecurity & Infrastructure Security Agency, informally known as “US-CERT,” has a full report on it here, along with resources to help you understand more about CryptoLocker.
Finally, to gain an understanding of what’s coming in the ransomware field in 2023, check out this ActualTech Media interview with ransomware expert Allan Liska, and learn how to protect yourself from the most current attacks.